| Security professionals use a variety of sources to improve their knowledge of defense and mitigation strategies and to stay up-to-date on known vulnerabilities or intrusion techniques. The following list contains some of the publicly available sources of information: The CERT Coordination Center (www.cert.org) Established in 1988, the CERT Coordination Center (CERT/CC) is a center of Internet security expertise. It is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. The Forum of Incident Response and Security Teams (FIRST) (www.first.org) FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large. The SANS Institute (www.sans.org) SANS (SysAdmin, Audit, Network, Security) develops, maintains, and makes available at no cost the largest collection of research documents about various aspects of information security. It operates the Internet's early warning system, the Internet Storm Center. The SANS Institute was established in 1989 as a cooperative research and education organization. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. The Computer Crime and Intellectual Property Section (CCIPS) (www.cybercrime.gov) CCIPS is a department of the Criminal Division of the U.S. Department of Justice. It provides information on topics such as computer crime, intellectual property crime, cybercrime documents, and cybernetics.
In addition, there are a number of security portals: Insecure (www.insecure.org) Insecure.org is the home of Nmap (security scanning tool) and provides information on security tools, techniques, and news. Information Systems Security (http://infosyssec.com) Infosyssec was originally created by students for students, to help locate and consolidate resources on the Internet that would assist them in their study of information system security. It has become a favorite bookmark of information security professionals.
|
